News | Cybersecurity | August 29, 2019

New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

Survey shows 82 percent of healthcare organizations experienced IoT-focused cyberattack in previous 12 months, with only 6 percent of organizations saying they have resources to tackle cybersecurity challenges

New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion connected devices in use around the world by 2025. IoT technology has moved beyond speakers and smart fridges and is increasingly being utilized for critical applications across the healthcare industry like insulin delivery devices, connected inhalers and even cancer treatments.

However, a report from digital platform security specialist Irdeto reveals the healthcare sector is severely lacking the resources to tackle a growing cybersecurity threat, and consequently patient safety could be at risk.

The company’s latest research, which surveyed security decision makers at global healthcare organizations to gauge perceptions of IoT security, found that 82 percent of healthcare organizations experienced an IoT-focused cyber-attack in the last 12 months; nearly a third of those hit reported compromised end-user safety as a result.

The report also revealed that only 6 percent of healthcare organizations have everything they need to tackle IoT cybersecurity challenges, with an urgent requirement for increased skills and more budget for security identified.

IoT devices are often targeted by cybercriminals as they are much easier to compromise than businesses’ more sophisticated perimeter cyber-defenses. The problem is that growth in the use of IoT has far outstripped the increase in trained professionals emerging. As a result, healthcare organizations often do not have the expertise internally to ensure the connected devices they are using within their organizations are secure.

Findings from the report revealed the following:

  • Power-down: Ninety (90) percent of those hit by IoT-focused cyberattacks experienced an impact, the most common of which was operational downtime (43 percent). Also noticeable is that 30 percent of attacks compromised end-user safety;
  • Vulnerable: Ninety-six (96) percent believe their organization has some form of cybersecurity vulnerability, with 42 percent identifying IoT devices as the biggest threat and a quarter of healthcare organizations identifying their greatest cybersecurity weakness as their own employees;
  • Need to improve: Ninety-eight (98) percent of all healthcare organizations believe the cybersecurity of IoT devices could be improved; and
  • Inadequate updates: Over one in four manufacturers of IoT devices for healthcare only update the security of devices they manufacture while they are in warranty. One in five leave it to the customer to install updates.

Steeve Huin, vice president of strategic partnerships, business development and marketing, Irdeto, commented, “IoT cyberattacks will continue to be prevalent as use of IoT devices grows. However, as they are increasingly used in mission-critical scenarios in industries like healthcare, the impact of operational down-time and compromises to end-user safety become far greater than just a financial cost.

“Securing each and every potential ‘entry point’ is critical to ensure the integrity of a business’ network as a whole. Manufacturers have a greater responsibility when dealing with potentially critical IoT in healthcare, and thus need to move away from the traditional “build, ship and forget” mindset and incorporate multiple layers of security into the devices they manufacture.

“The consequences of failing to properly secure healthcare IoT devices are real, and need to be taken seriously.”

For more information: www.irdeto.com

Related Content

New Report Examines Hospital Cybersecurity Challenges in Georgia
News | Cybersecurity | August 20, 2019
Healthcare data breaches are currently being reported at a rate of more than one a day, according to a new report from...
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.

According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols. 

Feature | Cybersecurity | May 06, 2019 | Maxim Chernyak
As the...
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity | October 30, 2018
The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will be implementing a...
Medtronic is issuing a software update to address a safety risk caused by cybersecurity vulnerabilities associated with the internet connection between the Carelink 2090 and Carelink Encore 29901 programmers used to download software from the Medtronic software distribution network (SDN) . This update is a voluntary recall correction by the manufacturer to address the safety risk caused by the cybersecurity vulnerability.

Medtronic is issuing a software update to address a safety risk caused by cybersecurity vulnerabilities associated with the internet connection between the Carelink 2090 and Carelink Encore 29901 implantable EP device programmers.

Feature | Cybersecurity | October 17, 2018
October 17, 2018 — The U.S.
Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products
News | Cybersecurity | April 16, 2018 | Jeff Zagoudis, Associate Editor
Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and...
Can Your Cardiac Device Be Hacked?
News | Cybersecurity | February 27, 2018
Medical devices, including cardiovascular implantable electronic devices, could be at risk for hacking. In a paper...
MDISS Launches 'WHISTL' Network of Medical Device Security Testing Labs
News | Cybersecurity | August 23, 2017
The Medical Device Innovation, Safety and Security Consortium (MDISS) recently launched the first of more than a dozen...
HHS Unveils Improved Web Tool to Highlight Recent Health Information Breaches
News | Cybersecurity | August 21, 2017
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently launched a revised web...
Overlay Init